Header graphic for print

HL Chronicle of Data Protection

Privacy & Information Security News & Trends

Posted in Consumer Privacy, Cybersecurity & Data Breaches

FTC and NHTSA to Explore Vehicle Privacy and Security Issues

shutterstock_67251187The Federal Trade Commission (FTC) and National Highway Traffic Safety Administration (NHTSA) are co-hosting a workshop on June 28, 2017, to explore the privacy and security issues raised by automated and connected vehicle technologies. The agencies are looking to explore the types of data such technologies collect, store, transmit, and share; the potential benefits and challenges posed by the technologies; the privacy and security practices of vehicle manufacturers; the roles that federal agencies should play in regulating privacy and security issues; and how self-regulatory standards apply to connected vehicle privacy and security issues.

In advance of the workshop, the FTC and NHTSA are seeking public comment on privacy and security issues. Comments may be submitted through April 20, 2017, and the agencies have noted the following topics of interest: Continue Reading

Posted in Consumer Privacy, Financial Privacy

FTC Hosts FinTech Forum on Artificial Intelligence and Blockchain Technologies, Part II

shutterstock_341933759As previously reported, on Thursday, March 9th, the Federal Trade Commission (FTC) hosted a forum on the consumer implications of recent developments in artificial intelligence (AI) and blockchain technologies. This is the second of two entries on the March 9th FinTech Forum. Today’s post focuses blockchain technologies. Coverage of the opening remarks and the AI discussion may be found here.

Continue Reading

Posted in Consumer Privacy, Financial Privacy

FTC Hosts FinTech Forum on Artificial Intelligence and Blockchain Technologies

iStock_000055649968_DoubleOn Thursday, March 9th, the Federal Trade Commission (FTC) hosted a forum on the consumer implications of recent developments in artificial intelligence (AI) and blockchain technologies. This was the FTC’s third forum on issues in FinTech. Previous FinTech Forums covered marketplace lending and crowdfunding and peer-to-peer payments.

In opening remarks, the FTC acknowledged the benefits of technological developments in AI and blockchain technologies: AI promises better decision-making and personalized consumer technologies, while blockchain technologies would increase the efficiency of financial transactions and eliminate the need for the middleman, among other benefits. But, the FTC stressed that advancements in these technologies must be coupled with an awareness of and active engagement in identifying and minimizing associated risks. For AI, this means countering biased or incomplete results, improving the transparency of decision-making, and addressing general lack of consumer awareness and understanding. For blockchain, it means strengthening data security, increasing oversight, and preventing abuse of the technology. The need to carefully consider the challenges raised by technological advancements was echoed by panelists throughout the forum, suggesting that the FTC will likely expect companies in these industries to have assessed and taken steps to mitigate the novel risks they face as they continue to innovate and break new ground in these spaces.

This is the first of two entries on the March 9th FinTech Forum. Today’s post focuses on Artificial Intelligence, with coverage of blockchain technologies to follow.

Continue Reading

Posted in International/EU Privacy

UK ICO Publishes Guidance on Consent Under GDPR

ICO_logoThe UK Information Commissioner’s Office has just published draft guidance on consent under GDPR. This is an interesting move given that the Article 29 Working Party has promised guidance on the same topic later this year, but reading the guidance makes it clear why the ICO decided to prioritise it: many of the practices which it identifies as unacceptable are fairly common in the UK, meaning many companies are going to have to re-think their approach to legitimising their data processing.

Continue Reading

Posted in International/EU Privacy

Health Company Fined by UK’s Information Commissioner Office

shutterstock_366825284Last week, the UK’s Information Commissioner’s Office (ICO) published a monetary penalty notice which fined a private healthcare company, HCA International, £200,000 for its failure to keep sensitive data secure.

Continue Reading

Posted in News & Events

Privacy and Cybersecurity March 2017 Events

Please join us for our March 2017 Privacy and Cybersecurity Events.

March 2
Privacy Women Showcase
Julie Brill will be speaking at a NY Bar Association event on “Careers in Privacy.”
Location: New York, New York

 

March 14
Connected Car Technologies and Trends
Tim Tobin will speak on “Protecting the Connected Car” at Automotive Megatrends’ Connected Car Detroit 2017.
Location: Dearborn, Michigan

 

Continue Reading

Posted in Consumer Privacy

FCC Chairman Announces Intent to Stay Broadband Data Security Rules

shutterstock_123802696The Federal Communications Commission’s (FCC) Media Relations Office has released a statement announcing Chairman Pai’s intention to stay a data security rule adopted by the Commission late last year in its Broadband Privacy Order.  Absent a stay, the rule is set to go into effect on March 2.

Continue Reading

Posted in International/EU Privacy

Australia Introduces Mandatory Data Breach Notification Scheme

Australian flagOn 13 February 2017, the Australian Senate passed into law the Privacy Amendment (Notifiable Data Breaches) Bill 2016. This law amends the primary privacy and data protection legislation in Australia, Privacy Act 1988 (Cth), to introduce the long-anticipated mandatory data breach notification scheme. Under this scheme, all agencies and businesses that are regulated by the Privacy Act are required to provide notice to the Australian Information Commissioner and affected individuals of certain data breaches that are likely to result in “serious harm.”

Continue Reading

Posted in Cybersecurity & Data Breaches

The “Final Final” is Here: NYDFS Cybersecurity Regulations

shutterstock_71527090As Hogan Lovells previously reported, the New York State Department of Financial Services (NYDFS) has launched a significant initiative to impose detailed cybersecurity requirements on covered financial institutions. On February 16, NYDFS issued its Final Rules, following the initial proposed rules published in September 2016 and two rounds of feedback via industry complaints and public comment. The Final Rules set forth requirements for a risk-based approach to cybersecurity, and include expectations for reporting on cybersecurity risks and events to senior management and NYDFS.

Click here to learn more about how to prepare for the new requirements, timing and implementation details, changes to the rules since the December announcement, and other related cybersecurity developments.

Posted in International/EU Privacy

Polish DPA Releases Data Privacy Inspection Plans – Targets Health, Shopping

shutterstock_283429205The Polish Data Protection Authority (GIODO) has just released its inspection plans for 2017. This year, the GIODO has decided to target its review of compliance with data protection laws on the health services and consumer sectors, with particular attention to certain profiling activities taking place in stores and shopping malls.

Continue Reading